discordrat | 6b8f247e784b698beb5f367db3e0d5f3948bf197dcbcf6d5ea16d4a08f0318fb

Resubmissions

29-11-2024 18:35

241129-w8gb5svnfp 10

24-11-2024 17:02

241124-vkc45szjcw 10

23-11-2024 19:36

241123-ybkz6ssndy 10

23-11-2024 14:30

241123-rvhwlasqcn 10

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootsrapper.exe
Size

90KB
MD5

7eab793cd27c58b8c563d6a33a2f2a72
SHA1

24fc9a75389b6c115fff236ebd979264b0fd8f30
SHA256

6b8f247e784b698beb5f367db3e0d5f3948bf197dcbcf6d5ea16d4a08f0318fb
SHA512

f4d0c2f8c9fd9ba76a716b5eeab2e1db28235080a5b2822f3453567a1ec51347697edf859687393094332e2c01d5dc8667170cb4e4731b50afd79da14ee92e8e
SSDEEP

1536:IjvCBPyCGZ6wIopPAAqxhP51UGIfpAk0Wjgb2Nrs+uexCxoKV6+f3ky:WCBKCGZ1IoNUhP5qnRgb2Nrs+bS3ky

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMwOTg4MDE2NTE2OTYzMTI1Mw.G_7Dxh.wsYSjBrol4khGDtnY_BBpyEe - H9AsmG2TfF5gs
server_id
1309880651683467275

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 816	3008	Bootsrapper.exe	30
PID 3008 wrote to memory of 816	3008	Bootsrapper.exe	30
PID 3008 wrote to memory of 816	3008	Bootsrapper.exe	30

C:\Users\Admin\AppData\Local\Temp\Bootsrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootsrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3008 -s 600
  2⤵
  PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3008-0-0x000007FEF55B3000-0x000007FEF55B4000-memory.dmp

Filesize
4KB

Download
memory/3008-1-0x000000013F790000-0x000000013F7AC000-memory.dmp

Filesize
112KB

Download
memory/3008-2-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/3008-3-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads